Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

[CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong

This presentation will look at the history of the Schrems litigation and the recent ECJ case decision referred from Ireland. My film here gives some background https://bit.ly/pshielddead. This has been called the most significant litigation in the history of data transfer and involved an Austrian law student succeeding against the might of both Facebook and the US government. It’s a gripping story and one that I’ve followed for more than 6 years now but it has important lessons for global business.

The talk will also look into the political difficulties facing data transfer from the EU to the US. We’ll then look at some additional questions posed by the judgment and the current political climate:

- Will Trump build bridges?
- How will this be resolved?
- What does this mean for other jurisdictions including Russia and China?
- What does this mean for Japan?
- Can national security and data protection ever survive together?
- Why has data transfer become so political?
- How can corporations in Japan minimise their risk?

  • Be the first to comment

  • Be the first to like this

[CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong

  1. 1. @CorderyUK Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? Jonathan Armstrong 29 October 2020
  2. 2. @CorderyUK© Cordery 2020 History 1
  3. 3. @CorderyUK© Cordery 2020 History • 2011 - Santa Clara lecture • SAR to Facebook • 2013 - Schrems makes complaint to DPC about Facebook • July 2014 - Irish High Court refers Schrems I to ECJ • October 2015 - Safe Harbor struck down • November 2015 - Schrems II case appealed to Austrian Supreme Court • December 2015 - Schrems complains to DPC about SCCs • July 2016 - Privacy Shield adopted • July 2020 Privacy Shield struck down by ECJ (Switzerland & Israel followed) 2
  4. 4. @CorderyUK© Cordery 2020 Will Trump build bridges? 3
  5. 5. @CorderyUK© Cordery 2020 Will Trump build bridges? 1. Unlikely? 2. Election year 3. Increased focus on security 4. Xenophobia (and Sinophobia) 5. Obama’s more compromising administration could not provide a fix 4
  6. 6. @CorderyUK© Cordery 2020 Will this be resolved? 1. SCCs 2. Issue avoidance 3. Self-help by corporations 4. Reassuring words from European Commission BUT: 1. Litigation (e.g. potential Amazon class action) 2. Regulators will act 3. Schrems IV! 5
  7. 7. @CorderyUK© Cordery 2020 What does this mean for Russia and China? 6
  8. 8. @CorderyUK© Cordery 2020 What does this mean for Russia and China? 1. Possibly greater scrutiny 2. However less commercial impetus 3. Increased issues for China native offerings e.g. TikTok 7
  9. 9. @CorderyUK© Cordery 2020 What does this mean for the UK after Brexit? 8
  10. 10. @CorderyUK© Cordery 2020 What does this mean for Japan? 9
  11. 11. @CorderyUK© Cordery 2020 What does this mean for Japan? 1. Greater focus on ‘adequacy’ (see e.g. 2/10/2020 announcement re higher fines) 2. Annual reviews by EU? (and UK?) 3. Possibility of greater scrutiny of activities of Japanese security services (e.g. enquiry sheet system; Snowden allegations e.g. XKEYSCORE & MALLARD) 4. Greater scrutiny of laws protecting data of non-Japanese nationals from state surveillance (e.g. new PPC English language helpline) 5. More prospect of pressure group activities 6. Class actions? 7. Greater role for InfoSec & Legal in decision making? 10
  12. 12. @CorderyUK© Cordery 2020 Can National Security and Data Protection ever survive together? 11
  13. 13. @CorderyUK© Cordery 2020 How can organisations in Japan minimise risk? 12
  14. 14. @CorderyUK© Cordery 2020 How can organisations in Japan minimise risk? 1. Set out clear rules 2. Place strong emphasis on security 3. Look at Standard Contractual Clauses/Model Clauses (SCCs) 4. Be prepared to explain limits on Japanese law 5. Look at other measures e.g. ombudsmen, notice of requests for data 6. Look at future change – one man can change your world 13
  15. 15. @CorderyUK© Cordery 2020 Resources GDPR FAQs – www.bit.ly/gdprfaqs GDPR Glossary – www.bit.ly/gdprwords Privacy Shield (Schrems III Case) - https://bit.ly/pshielddead Swiss Privacy Shield collapses - https://bit.ly/swisspshield GDPR 2 Years On (Film) https://www.corderycompliance.com/gdpr-first-2- year-part-1/ SCCE Article on GDPR 2 Years On - https://www.corderycompliance.com/2- years-gdpr-security-breach-lessons/ GDPR, data transfer and investigations - https://bit.ly/gdprinvest Facebook case - https://www.corderycompliance.com/ireland-dpc-halts-fb- dating-service/ Film on brands in a crisis – www.bit.ly/levickfilm Amazon litigation over Privacy Shield - https://bit.ly/berlindp 14
  16. 16. @CorderyUK@ Cordery 2020 Questions Jonathan Armstrong Partner Cordery T +44 (0)20 7075 1784 E jonathan.armstrong@corderycompliance.com @armstrongjp

×